84 matches found
Astra Linux - vulnerability in exiv2
There is a vulnerability in the SEGV method in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of the tiffimageint.cpp file, within Exiv2 0.27-RC3. A crafted input can lead to a remote denial-of-service attack...
CVE-2025-66037
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields allocates a zero-length buffer...
EUVD-2018-21647
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection...
CVE-2018-25194
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection...
CVE-2018-25194 Nominas 0.27 SQL Injection via username Parameter
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection...
Arixolab Nominas path traversal vulnerability
Arixolab Nominas is a human resources and salary calendar system developed by the Spanish company Arixolab. Version 0.27 of Arixolab Nominas contains a path traversal vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the login/checklogin.php file,...
[SECURITY] [DSA 6095-1] foomuuri security update
Debian Security Advisory DSA-6095-1 https://www.debian.org/security/ Moritz Muehlenhoff January 07, 2026 https://www.debian.org/security/faq ...
PT-2026-1886
Name of the Vulnerable Software and Affected Versions: Foomuuri versions prior to 0.27-2+deb13u1; Foomuuri versions prior to 0.31. Description: An Improper Neutralization of Argument Delimiters issue exists in Foomuuri, potentially leading to integrity loss of the firewall configuration or other...
PT-2026-1882
Name of the Vulnerable Software and Affected Versions: Foomuuri versions prior to 0.31; Foomuuri version 0.27-2+deb13u1. Description: An improper authorization issue in Foomuuri allows unauthorized users to modify the firewall configuration. This could lead to tampering of the firewall configuration...
CVE-2025-64443
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...
CVE-2025-40934 XML-Sig prior to 0.68 for Perl improperly validates XML without signatures
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...
CVE-2025-40934
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...
EUVD-2021-0078
Malware in sbrugna...
CVE-2025-58016
Missing Authorization vulnerability in Codexpert, Inc CF7 Submissions cf7-submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Submissions: from n/a through = 0.26...
PT-2024-13684 · Unknown · Openbmc Firmware
Name of the Vulnerable Software and Affected Versions: OpenBMC Firmware versions prior to egs-1.15-0; OpenBMC Firmware versions prior to bhs-0.27. Description: The issue is an out of bounds read that may allow a privileged user to potentially enable information disclosure via local access...
PT-2024-12501 · Unknown · Openbmc Firmware
Name of the Vulnerable Software and Affected Versions: OpenBMC Firmware versions prior to egs-1.14-0; OpenBMC Firmware versions prior to bhs-0.27. Description: The issue is related to an uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms, which may allow an authenticated user t...
GHSA-973X-65J7-XCF4 Decompressors can crash the JVM and leak memory content in Aircompressor
Summary: All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process which could contain sensitive information. Details: When decompressing certain data, the...
perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input
perl-Convert-ASN1 aka the Convert::ASN1 module for Perl through 0.27 allows remote attackers to cause an infinite loop via unexpected input...
Rocky Linux 8 : compat-exiv2-026 (RLSA-2022:1797)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1797 advisory. - A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file...
SUSE CVE-2013-7488
perl-Convert-ASN1 aka the Convert::ASN1 module for Perl through 0.27 allows remote attackers to cause an infinite loop via unexpected input...